Snort mailing list archives
Re: W2k Startup Error
From: "d_greenjr" <d_greenjr () hotmail com>
Date: Thu, 11 Sep 2003 07:55:28 -0400
Michael, I ran the command and below is the output. It appeared to be successful.
C:\Snort\bin>snort -c c:\snort\etc\snort.conf -l c:\snort\log -i1 -T
Running in IDS mode
Log directory = c:\snort\log
Initializing Network Interface \Device\NPF_{B372C2A0-D71E-47F6-9E12-5D4195C8F61A
}
--== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface \Device\NPF_{B372C2A0-D71E-47F6-9E12-5D4195C8F61A
}
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file c:\snort\etc\snort.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
Fragment timeout: 60 seconds
Fragment memory cap: 4194304 bytes
Fragment min_ttl: 0
Fragment ttl_limit: 5
Fragment Problems: 0
Self preservation threshold: 500
Self preservation period: 90
Suspend threshold: 1000
Suspend period: 30
Stream4 config:
Stateful inspection: ACTIVE
Session statistics: INACTIVE
Session timeout: 30 seconds
Session memory cap: 8388608 bytes
State alerts: INACTIVE
Evasion alerts: INACTIVE
Scan alerts: ACTIVE
Log Flushed Streams: INACTIVE
MinTTL: 1
TTL Limit: 5
Async Link: 0
State Protection: 0
Self preservation threshold: 50
Self preservation period: 90
Suspend threshold: 200
Suspend period: 30
Stream4_reassemble config:
Server reassembly: INACTIVE
Client reassembly: ACTIVE
Reassembler alerts: ACTIVE
Ports: 21 23 25 53 80 110 111 143 513 1433
Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
http_decode arguments:
Unicode decoding
IIS alternate Unicode decoding
IIS double encoding vuln
Flip backslash to slash
Include additional whitespace separators
Ports to decode http on: 80
rpc_decode arguments:
Ports to decode RPC on: 111 32771
alert_fragments: INACTIVE
alert_large_fragments: ACTIVE
alert_incomplete: ACTIVE
alert_multiple_requests: ACTIVE
telnet_decode arguments:
Ports to decode telnet on: 21 23 25 119
Using LOCAL time
database: compiled support for ( mysql odbc )
database: configured to use mysql
database: user = snort
database: password is set
database: database name = snort
database: host = localhost
database: port = 3306
database: sensor name = console
database: sensor id = 2
database: inconsistent cid information for sid=2
Recovering by rolling forward the cid=5
database: schema version = 106
database: using the "alert" facility
1331 Snort rules read...
1331 Option Chains linked into 139 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++
Rule application order: ->activation->dynamic->alert->pass->log
--== Initialization Complete ==--
-*> Snort! <*-
Version 2.0.0-ODBC-MySQL-WIN32 (Build 72)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
1.7-WIN32 Port By Michael Davis (mike () datanerds net, www.datanerds.net/~mike)
1.8 - 2.0 WIN32 Port By Chris Reid (chris.reid () codecraftconsultants com)
Snort sucessfully loaded all rules and checked all rule chains!
database: Closing connection to database "snort"
Snort exiting
----- Original Message -----
From: Michael Steele
To: snort-users () lists sourceforge net
Sent: Tuesday, September 09, 2003 2:41 PM
Subject: RE: [Snort-users] W2k Startup Error
Make SURE you have the paths configured properly. Also make SURE MySQL is running and accepting the connection. Try
running this from the snort/bin folder:
snort -c c:\snort\etc\snort.conf -l c:\snort\log -i1 -T
This will run a diagnosis on your install.
-Michael Steele
--
System Engineer / Security Support Technician
mailto:michaels () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org
------------------------------------------------------------------------------
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of
d_greenjr
Sent: Monday, September 08, 2003 3:59 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] W2k Startup Error
This may not be the forum to ask this question, but I installed snort on Windows 2000 with no problem. I then
followed the winsnort directions (http://www.winsnort.com/Winsnort/guides/WinSnortApache.pdf) on installing snort as a
service and received the error "Could not start the Snort service on Local Computer. Error 1067: The process
terminated unexpectedly." And it did not start. The command I used to install the service was as follows (from the
snort/bin directory):
snort /SERVICE /INSTALL -de -c c:\snort\etc\snort.conf -l c:\snort\log -i1
I also set the service to automatically start. Following is what the snort service properties path reads
"C:\Snort\bin\SNORT /SERVICE"
Any suggestions??
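
Added example, not part of any post in this thread: a small Python parser that turns the `snort -T` self-test transcript shown above into a pass/fail summary a deployment script could check before starting the service. The function name and the ERROR/FATAL markers are assumptions; the sample lines are excerpted from the output quoted in the reply.

```python
import re

# Excerpt of the `snort -T` transcript quoted in this thread (Snort 2.0.0 Win32).
# The misspelling "sucessfully" is Snort's own output and is matched as printed.
SAMPLE = """\
database: configured to use mysql
database: user = snort
database: password is set
database: database name = snort
database: host = localhost
database: port = 3306
database: sensor id = 2
database: inconsistent cid information for sid=2
Recovering by rolling forward the cid=5
1331 Snort rules read...
1331 Option Chains linked into 139 Chain Headers
Snort sucessfully loaded all rules and checked all rule chains!
Snort exiting
"""

SUCCESS = re.compile(r"^Snort suc+essfully loaded all rules", re.M)
RULES = re.compile(r"^(\d+) Snort rules read", re.M)
# "key = value" settings only; requiring spaces around "=" skips "sid=2".
DB_KV = re.compile(r"^database:[ \t]*([a-z ]+?)[ \t]+=[ \t]+(\S+)[ \t]*$", re.M)
# "inconsistent" appears in the thread; ERROR/FATAL are assumed failure markers.
WARN = re.compile(r"^.*\b(?:inconsistent|ERROR|FATAL)\b.*$", re.M | re.I)


def summarize_selftest(text):
    """Reduce a `snort -T` transcript to a dict a script can gate on."""
    text = text.replace("\r\n", "\n")  # console captures on Windows use CRLF
    rules = RULES.search(text)
    return {
        "passed": bool(SUCCESS.search(text)),
        "rules": int(rules.group(1)) if rules else 0,
        "database": dict(DB_KV.findall(text)),
        "warnings": [m.group(0).strip() for m in WARN.finditer(text)],
    }


if __name__ == "__main__":
    for key, value in summarize_selftest(SAMPLE).items():
        print(f"{key}: {value}")
```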
